Passionate about IP! Since June 2003 the IPKat has covered copyright, patent, trade mark, info-tech, privacy and confidentiality issues from a mainly UK and European perspective. The team is Neil J. Wilkof, Annsley Merelle Ward, Darren Smyth, Nicola Searle, Eleonora Rosati, David Brophy, Alberto Bellan and Merpel, with contributions from Mark Schweizer. You're welcome to read, post comments and participate. You can email the Kats here

From October 2016 to March 2017 the team is joined by Guest Kats Rosie Burbidge and Eibhlin Vardy, and by InternKats Verónica Rodríguez Arguijo, Tian Lu and Hayleigh Bosher.

Saturday, 5 December 2015

While its linguistic imagery may not rise to the level of your favorite author, the computer world has its share of colorful

terms adopted from other contexts, such as "surf", "mouse" and "cookie". But perhaps no term in the field has yielded as much diversity as has the word "hack/hacker". Probably a few hoary Kat readers, such as this Kat, were around close to the genesis of the adoption of the term in connection with computers, but most Kat readers probably have fewer, or no, grey Kat hairs. As such, it is worth recalling how the term has developed over more than a 60-year period, both because of the intrinsic fascination in seeing how a term changes meaning over time and to better appreciate the term's various current shades of meaning within the discourse about computers, software and networks.

Given the negative connotation of the term today, I recall my surprise when I first read (alas, the source has long been forgotten) that in the world of mainframe computer in the 1960's, where the principal revenue stream were licensing fees for the hardware, "hacker" referred to a person who was encouraged to tinker with the software to improve its performance. After all, there was no or little money to be made in the software per se, so that any improvements in performance would only serve to enhance the value of the mainframe itself. Hacking appeared to be a beneficial activity in support of the hardware.

But it transpires that the earliest adoption of the term with respect to the computer industry occurred in the 1950's. Ben Yagoda, writing in the March 6, 2014 issue of The New Yorker, notes that the term was used in the 1950’s at MIT “to mean fussing with machines”, a benign sort of activity. The negative connotation that we have come to associate with the term apparently only began to creep into our lexicon in the 1970’s. Thus, in a 1975 glossary for computer programs, one of the meanings given is “[a] malicious meddler who tries to discover sensitive information by poking around. Hence password hacker, network hacker. The correct term is cracker.” Any reference to “cracker” in this context seems to have disappeared, leaving us with “hacker” in the negative sense that is prevalent today, conjuring up a “digital trespasser.”

Lest one think however that "hacker" has come to connote only nefarious intruders into computers, software and networks, the meaning term has further developed so that are, in fact, under certain circumstances, "good" and "bad" hackers. Consider the following definitions that appear on technopedia.com.

"A white hat hacker is a computer security specialist who breaks into protected systems and networks to test and asses their security. White hat hackers use their skills to improve security by exposing vulnerabilities before malicious hackers (known as black hat hackers) can detect and exploit them. Although the methods used are similar, if not identical, to those employed by malicious hackers, white hat hackers have permission to employ them against the organization that has hired them."

"White hat hackers are usually seen as hackers who use their skills to benefit society. They may be reformed black hat hackers or they may simply be well-versed in the methods and techniques used by hackers. An organization can hire these consultants to do tests and implement best practices that make them less vulnerable to malicious hacking attempts in the future."

"For the most part, the term is synonymous with "ethical hacker." The term comes from old Western movies where the cliché was for the "good guy" to wear a white cowboy hat. Of course, the "bad guys" always seemed to wear a black hat."

Yagoda traces this black/white dichotomy back to the 1960’s in connection with intruding into telephone lines, but the understandings quoted above are largely of more recent vintage.

It is interesting to note that the difference between "hacker good" and "hacker bad" is not determined as much by the nature of the activity per se as by the surrounding circumstances, including whether the target gave permission to be hacked. Perhaps it is fair to say that the difference between black and white hacking reflects a more general ambivalence in society about how to view hackers and hacking. Is he a “righteous dude”, in the words of eulogy to an M.I.T. student who died in a plane crash in 1995, or a malicious trespasser of a computer or network. And then, of course, there is the national security aspect of "hacking". When it is the enemy's network that has been successfully hacked, the resulting activity might be positively viewed, but when it is a network in one's own country that has been hacked by foreign perpetrators, the activity takes on an entirely different character.

What is “hacking” and who is a “hacker”? It very much depends upon whom you ask.

Thanks for this article. While I enjoyed reading it I feel that it conveys a somewhat warped picture of hackers. You correctly observe that there is a divide between "bad" and "good" hackers, however, I doubt that the latter will refer to themselves as "white hat hackers". They consider themselves simply as hackers, maybe the true hackers. Moreover it should be emphasized that hacking does not necessarily involve system intrusion, as many hackers would still subscribe to the core meaning of the term developed in the 50s and 60s, focusing on creativity, freedom, sharing, openness, and world improvement. For many, respect of the privacy of others is equally important. For more just look at the popular and influential attempts at defining hacker ethics (see e.g. http://dasalte.ccc.de/hackerethics.en and http://www.catb.org/jargon/html/H/hacker-ethic.html).

The black/white hat thing is a bit misleading. The process of hacking (attempting to gain unauthorised entry to a computer system) is surely neutral from a moral point of view. It's what you do if you succeed that marks the good guy out from the bad.

If you walk down a street looking for cars which are either unlocked or have a window slightly open, you are not committing a crime*. If you find one, you have still not done anything wrong. If you put your hand through the window and open the door, in order to close the window, is this wrong? If you sit inside car? If you rummage in the glovebox? If you find the spare key clipped under the wheel arch? If you test whether the engine will start? If you move the vehicle a bit, to find out whether it has an immobiliser? If you drive the vehicle to the nearest police station and report it? If you drive the vehicle around a bit first, just to see what it's like to drive? If you spot the's vehicle owner, talking angrily on his mobile phone and gesturing frantically at the empty parking space, do you walk up to him and offer to let him have his car back, in return for a generous finder's fee? At what point did you become a black-hat?

*The German police do this all the time - it's an offence to leave your vehicle unsecured. Talk-talk take note.

"The black/white hat thing is a bit misleading. The process of hacking (attempting to gain unauthorised entry to a computer system) is surely neutral from a moral point of view. It's what you do if you succeed that marks the good guy out from the bad."

Sorry, but that is not even close to being true.

Maybe the word "unauthorised" means "the rules don't apply to me" to you, but there is a moral point lost in NOT following rules.

A better analogy would be walking down the street trying the door handles of the cars to see if the car is locked. Many people would regard that behaviour as wrong unless there is a good reason for it, and the onus would be on the person to prove he had a good reason.

... and the onus would be on the person to prove he had a good reason.

Who decides whether it's a good reason? And why the presumption of guilt? Sounds like a slippery slope towards moral absolutism.

Personally, even if I stood to win a bet about the proportion of cars which are left unlocked, I wouldn't walk down the street trying doors, and certainly not if I were a black teenager in the US. Hmmm. Maybe the analogy isn't that great after all, because it's too dependent on context.

If I'm an invisible, anonymous internet user trying out different SQL injection techniques on random webservers, can you presume that I'm guilty of a crime? The internet is (still) a free country, isn't it?

IPKat Policies

This page summarises the IPKat policies on guest submissions and comments. If you have posted a comment to one of our blogposts and it hasn't appeared, it may be because it doesn't match our criteria for moderation. To learn more about our guest submissions, comments and complaints policy and the procedure for lodging a complaint click here.

Has the Kat got your tongue?

Just click the magic box below and get this page translated into a bewildering selection of languages!